New legislation is putting pressure on U.S. colleges and universities to do a better job combating illegal file-sharing -- and it's taking a toll on campus IT departments, according to research published this week.

A law passed by Congress and signed into law by President Bush in August requires the nation's 4,400 public and private colleges and universities to address the issue of illegal peer-to-peer (P2P) file-sharing of digital content on campus.

Buried in the Higher Education Opportunity Act of 2008 are requirements that campuses inform students that illegal distribution of copyrighted materials, such as music and movies, is subject to criminal and civil penalties. The law requires college and university management to certify to the U.S. Secretary of Education that they have developed plans to "effectively combat" illegal P2P.

The new law also strongly encourages the use of technical measures to monitor and block illegal P2P, which some observers in academia expect the U.S. Department of Education will make a mandatory requirement during the next year.

Beyond trying to stop illegal P2P activity by students on campus networks, the new law suggests colleges and universities ought to be licensing digital music services, such as those from Napster, for students.

"The legislation is explicit that campuses are expected to offer an alternative to P2P piracy by licensing a music service such as Napster," says Kenneth Green, founding director of the Encino, Calif.-based Campus Computing Project (CCP), which since 1990 has studied the role of information technology in American higher education. If this becomes a requirement next year, campuses can expect to pay "six figures" for the kind of licensing envisioned under the legislation, a provision supported by such trade groups as the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA).

While Green doesn't deny that illegal P2P file-sharing occurs on college campuses across the country, he adds that MPAA and RIAA (which successfully lobbied Congress to get the P2P file-sharing provisions into the 2008 bill) are overstating the problem.

This week the CCP published a survey of 321 colleges and universities to see how they're handling P2P piracy issues. The survey, titled "The Campus Costs of P2P Compliance," also draws on data from CCP's annual, broader 2007 survey of IT on campus.

Survey respondents report the burden for P2P compliance is falling directly on campus IT personnel and is a huge drain on their time. "As high as two IT personnel are involved, which could mean a salary overhead of [US]$150,000 to 200,000," Green says.

The survey found that about 85% of academic institutions already inform their students about P2P piracy. Methods vary widely -- from simple posters on the wall to more in-depth online tutorials required at some places, such as Cornell University, to teach students rights and responsibilities before they use the college network, Green says.

The survey report states that "college students have been an understandably easy target for the music industry's anger about P2P file-sharing and by extension, declining CD sales."

On the technology front, about 25% of public universities already have installed technology to combat P2P piracy. Overall, the technology deployment at public and private 2-year and 4-year institutions ranges from about 22% to as high as 40%, according to the survey.

In some places, the money spent on P2P compliance already is topping half a million dollars in cash and personnel time. Still, surveys that CCP has done in the recent past indicate that many IT personnel don't believe that technology approaches are altogether effective in stopping P2P piracy.

"Technology managers on campus say P2P-killer software doesn't work," says Green, adding he's skeptical of the support for the tech-oriented approach advocated by some in Congress, including Rep. Bart Gordon (D-TN), chair of the House Science and Technology Committee, who has publicly said he views technology as the first line of defense.

Doug Camplejohn, CEO of Mi5 Networks, which contends its Webgate product is effective against P2P, acknowledges P2P file-sharing is not easy to combat. "P2P applications in general are the most evasive invented," he says. "P2P apps, as soon as they are blocked, jump to another protocol to get out." He notes that P2P apps often are used to disseminate such malware as botnets, and are best stopped on any network, not just colleges.

This story, "New Law Clamps Down on File-Sharing on Campus" was originally published by
Network World.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.